CIO
How to get PCI DSS compliance right
Six steps on the road to greater customer data security
CIO Staff  21 May, 2009 16:06:00
Tags: PCI secuity standard

The road to becoming Payment Card Industry Data Security Standard (PCI DSS) compliant can be a long one, so here we give you the Security Standards Council's Prioritised Approach of six milestones to help your organisation start your journey.

1. Remove sensitive authentication data and limit data retention

This milestone targets a key area of risk for entities that have been compromised. Remember – if sensitive authentication data and other cardholder data are not stored, the effects of a compromise will be greatly reduced. If you don’t need it, don’t store it.

2. Protect the perimeter, internal, and wireless networks

This milestone targets controls for points of access to most compromises – the network or a wireless access point.

3. Secure payment card applications

This milestone targets controls for applications, application processes, and application servers. Weaknesses in these areas offer easy prey for compromising systems and obtaining access to cardholder data.

4. Monitor and control access to your systems

Controls for this milestone allow you to detect the who, what, when, and how concerning who is accessing your network and cardholder data environment.

5. Protect stored cardholder data

For those organisations that have analysed their business processes and determined that they must store Primary Account Numbers, Milestone Five targets key protections mechanisms for that stored data.

6. Finalise remaining compliance efforts, and ensure all controls are in place.

The intent of Milestone Six is to complete PCI DSS requirements and finalise all remaining related policies, procedures, and processes needed to protect the cardholder data environment.

For more information see the Security Standards Council's paper.

References

More about Milestone

Comments

Sat, 23/05/2009 - 10:59 — Armorguy (not verified)

Seriously??!!

This is intended to be a meaningful explication of PCI compliance? In less than 300 words?

Please, please, please - don't take what is a crucially important compliance issue and dumb it down like this again. You make yourselves look less than fully aware of the issues...

Your readers deserve better than this - and I suspect you know it. CIO has always stood for quality writing and editing - this doesn't due your reputation justice.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Enter the fully qualified URL, eg. http://www.example.com/
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Add to Google
Related Topics
(Security)
Newsletters
Sign up for our CIO newsletters!
More about PCI secuity standard
More about PCI secuity standard >
Additional Resources
Executive Guides
Whitepapers
white paper Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Zones
Zone logoZones provide focussed content from CIO and leading technology partners.
RSS Feeds
Syndicate content Syndicate content

URL
www.kyoceramita.com.au

Call us on
Australia: 1800 339 003
New Zealand: 0508 596 2732

Email us
marketing@kyoceramita.com.au

Did you realise that the cost or running a laser printer over its lifetime is likely to exceed the original purchase price by several times? To compare your current printer's running costwith a Kyocera printer, select the TCO Calculator

Total Cost of Ownership (TCO)
Kyocera Saves... Try our Saving Estimator now
Calculate Now

Whitepapers

Articles

Testimonials

 

Wondering how to improve your business with UC on an IP Network?

Join Computerworld's Live Webinar where we will address the move many companies are making towards IP based voice services (SIP trunking, VoIP) and look at how they are using a single connection for data and voice rather than separate lines. Learn about the latest in IP networks and how it can help your organisation.

Wednesday 25th November 2009, Time 10.30 am EST (Sydney, Australia) Screening at your desk

Register now

  • +

    CA brings SOA security to open source JBoss 09 February, 2010 10:08:00

    More commercial options for widely-used app server
    CA has announced its SiteMinder and SOA Security Manager products are now available for the open source JBoss middleware platform.
  • +

    Indian pleads guilty in overseas stock hacking scheme 08 February, 2010 07:50:00

    The group of hackers compromised brokerage accounts, then pumped up the prices of stocks
    An Indian national pleaded guilty Friday to conspiracy and aggravated identity-theft charges related to an international fraud scheme to hack into online brokerage accounts in the U.S. and use them to manipulate stock prices, the U.S. Department of Justice said.
  • +

    E-mail scam steals €3 million in carbon credits 05 February, 2010 06:47:00

    The phishing scheme resulted in losses of up to €3 million from companies
    A clever phishing scheme launched last week may have stolen more than €3 million (US$4.1 million) worth of carbon emission permits from companies.
  • +

    Windows 7 Tips: Best Security Features 04 February, 2010 04:52:00

    IT can specify which applications can run on employees' desktops
    For both enterprises and consumers, one of the big draws of Windows 7 has been its tighter security features.
  • +

    Twitter forces password reset to protect some accounts 04 February, 2010 05:48:00

    The company has discovered that log-in information has been stolen in compromised torrent file-sharing sites
    Twitter required some users to reset their passwords on Tuesday after discovering that their log-in information may have been harvested via security-compromised torrent Web sites, the company said.

Media Releases
Most Popular Whitepapers
Upcoming Industry Events
  • No upcoming events available
more
Whitepaper


Read Whitepaper

Overtaken by Events? The Quest for Operational Responsiveness | A Survey of Global Energy, Telecoms, and Logistics Businesses

As this white paper will demonstrate, harnessing business events, smart interpretation and fast response are definite objectives, and the need is immediate. Read notes from 400 interviews performed by an independent research company - download now.

CIO Industry Insight Podcast #6: Brenton Smith, Managing Director, CA (ANZ)
Listen to the latest edition of CIO Live which is now available for download.
Listen to the podcast
Sign up to the CIO Live email
Whitepaper
Securing People and Information: How to Protect Against Today’s Web-based Threats

This white paper explores the benefits of an Application Delivery Network, highlighting the ability to protect your users and applications and still deliver outstanding application performance with confidence, consistency and cost-effectiveness across your distributed network.

Read Whitepaper

Brought to you by
Videos
Get a job Careerone